General

  • Target

    f7d68a7ef2986d75e2947d7a22f03577_JaffaCakes118

  • Size

    36KB

  • Sample

    241216-htzy2szje1

  • MD5

    f7d68a7ef2986d75e2947d7a22f03577

  • SHA1

    1fe822db2346db2fc27fdbb57e755e21c17a517b

  • SHA256

    eceefffd5f4d0f970f801cff810e079aaa1aa1853647507388b79f8455f17529

  • SHA512

    0aa1a27c3f1632edef7537e21816f248cdd7bc2960e9d8ceb115c1e4ed86168eead3524569c14e81b47a7ddd68d4d92c881b18e90aaaee3f34e4752289f32b5b

  • SSDEEP

    384:vJTynDLDDD/f9gO+0RT2ZkxmQxqrPEelZ7JcFgIcNZa5n84COuRa+RdrpWl/W64U:BQLDDLWQRT2mgEeP7JcaIcN85bwYM4J

Malware Config

Targets

    • Andromeda family

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware primarily used to distribute other malware; it is written in C++.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks